Patents Assigned to Vectra AI, Inc.
  • Publication number: 20240195827
    Abstract: Disclosed is an improved approach for managing security alerts to automatically isolate malicious security alerts from benign alerts using an ensemble model of pattern recognition techniques. In some embodiments, the approach provides for automatically isolating security alerts of malicious attack from security alerts that correspond to undesirable, yet benign, activity in computer networks, cloud infrastructures and SAAS applications. Specifically, the approach provides for qualitative contextual assessments of these alerts using an ensemble of models. These ensemble models leverage a history of security events on a computer network, cloud infrastructure and SAAS applications to determine a level of relevance for received alerts and determine, based on that level of relevance, how or if they should be presented to an administrator.
    Type: Application
    Filed: November 30, 2023
    Publication date: June 13, 2024
    Applicant: Vectra AI, Inc.
    Inventors: Hsin Chen, Himanshu Mhatre, Irina Javed, Daniel Carlton Hannah
  • Publication number: 20240195831
    Abstract: Disclosed is an improved approach for translating entity prioritization rules to a continuous numerical space. In some embodiments, the approach provided is a system for using qualitative prioritization criteria to train a system that generates quantitative urgency scores for entities. In some embodiments, this comprises an embedding scheme that enables the translation of entity information and their related alerts to a set of qualitative labels based on at least quantitative information. Generally, the system includes a set of analyst actions that establish desired mappings which are used to train a more general model that maps entity embeddings to responses. In some embodiments, the approach comprises one or more models that receive an entity embedding as an input and outputs a score that characterizes the urgency of the response warranted for that entity. In some embodiments, this is performed using various features (e.g., importance, actor type, velocity, and breadth).
    Type: Application
    Filed: November 30, 2023
    Publication date: June 13, 2024
    Applicant: Vectra AI, Inc.
    Inventors: Daniel Carlton Hannah, Himanshu Mhatre, Sohrob Kazerounian, Timothy John Wade, Karl Lynn, Stephen Malone
  • Patent number: 11973768
    Abstract: Disclosed is an improved method, system, and computer program product for identifying malicious payloads. The disclosed approach identifies potentially malicious payload exchanges which may be associated with payload injection or root-kit magic key usage.
    Type: Grant
    Filed: November 24, 2020
    Date of Patent: April 30, 2024
    Assignee: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, John Steven Mancini
  • Patent number: 11880764
    Abstract: Disclosed is an approach for detecting malicious network activity (e.g. based on a data hoarding activity identifies using a graph mixture density neural network (GraphMDN)). Generally, the approach includes generating embeddings using a graph convolution process and then processing the embeddings using a mixture density neural network. The approach may include collecting network activity data, generating a graph representing the network activity, or an aggregation thereof that maintains the inherent graphical nature and characteristics of the data, and training a GraphMDN in order to generate pluralities of distributions characterizing one or more aspects of the graph representing the network activity. The approach may also include capturing new network activity data, and evaluating that data using the distributions generated by the trained GraphMDN, and generation corresponding detection results.
    Type: Grant
    Filed: September 23, 2020
    Date of Patent: January 23, 2024
    Assignee: Vectra AI, Inc.
    Inventors: Sohrob Kazerounian, Daniel Carlton Hannah, Tuomas P. Oikarinen
  • Publication number: 20230319086
    Abstract: Disclosed herein is an approach that includes providing a system for managing and expanding knowledge in a knowledge base. In some embodiments, the system comprises an expert system which performs a number of functions including data ingestion, application of a data retention policy, monitoring of a network system including deployments of detection signatures on the network system, response and alert management, posturing, and relevant automation. In some embodiments, the expert system interconnects with a war gaming engine to identify attack vectors to protected resources. In some embodiments, a collection of functions or modules is provided in place of the expert system—e.g., traditional programing techniques are used to provide functions or modules to perform similar processes using one or more function calls between the provided functions or modules.
    Type: Application
    Filed: March 30, 2023
    Publication date: October 5, 2023
    Applicant: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
  • Publication number: 20230319067
    Abstract: Disclosed is an approach for network security management using software representation that embodies network configuration and policy data. In some embodiments, the approach includes a process to generate a software representation of what is possible based on a network configuration and policy data. The software representation comprises a state machine where different states can be reached using respective transitions or properties why are possible as determined based on the network configuration and policy data. The states correspond to respective entities on the network which may comprise resources that are identifiable for protection. The software representation can then be stimulated to identify sequences of state-to-state transitions which may in turn be processed to generate corresponding detection signatures for use in monitoring the network.
    Type: Application
    Filed: April 1, 2022
    Publication date: October 5, 2023
    Applicant: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson IV, Karl Matthew Lynn
  • Publication number: 20230319100
    Abstract: Disclosed is an approach for analyzing attack paths in computer network generated using a software representation that embodies network configuration and policy data for security management. In some embodiments, the approach includes a process to analyze attack paths in a computer network to determine which attack paths might be most productively covered using a corresponding detection signature. In some embodiments, the attack paths are identified using a software representation that embodies network configuration and policy data. The software representation comprises a state machine where different states can be reached using respective transitions or properties. The states correspond to respective entities on the network which may comprise resources that are identifiable for protection in the software representation using crash statements.
    Type: Application
    Filed: April 1, 2022
    Publication date: October 5, 2023
    Applicant: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
  • Publication number: 20230319050
    Abstract: Disclosed is an approach for generating a software representation that embodies network configuration and policy data of a computer network for use in security management. The software representation comprises a state machine where different states can be reached using respective transitions or properties which are possible as determined based on the network configuration and network policy data. The states correspond to respective entities on the network which may comprise resources that are identifiable for protection. The software representation can then be stimulated with various inputs to identify sequences of state-to-state transitions which may in turn be processed to generate corresponding detection signatures for use in monitoring the network.
    Type: Application
    Filed: April 1, 2022
    Publication date: October 5, 2023
    Applicant: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
  • Publication number: 20230315413
    Abstract: Disclosed is an approach for solving arbitrary constraint satisfaction problems. In some embodiments, the approach includes a process to generate a software representation of what is possible based on a system corresponding to the constraint satisfaction problem. The software representation comprises a state machine where different states can be reached using respective transitions or properties which are possible as determined based on a current state of the system and parameters thereof whether global or otherwise.
    Type: Application
    Filed: February 10, 2023
    Publication date: October 5, 2023
    Applicant: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
  • Publication number: 20230318845
    Abstract: Disclosed is an approach for generating detection signatures based on analysis of a software representation of what is possible in a computer network based on network configuration data and network policy data. In some embodiments, the process includes maintaining a plurality of detection signature templates, generation of detection signatures (detection signature instances) using respective detection signature templates that are selected based on the analysis of the software representation. In some embodiments, detection signatures templates are of different type and may be deployed at different locations based on their respective type(s), such as at source, destination.
    Type: Application
    Filed: April 1, 2022
    Publication date: October 5, 2023
    Applicant: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson IV, Karl Matthew Lynn
  • Publication number: 20230319068
    Abstract: Disclosed is an approach for analyzing a computer network to identify attack paths using a software representation that embodies network configuration and policy data for security management. The software representation comprises a state machine where different states can be reached using respective transitions or properties which are possible as determined based on the network configuration and network policy data. The states correspond to respective entities on the network which may comprise resources that are identifiable for protection in the software representation using crash statements. The software representation can then be stimulated using software analysis tools such as fuzzers to identify sequences of state-to-state transitions that could be used to compromise a protected resource on the computer network.
    Type: Application
    Filed: April 1, 2022
    Publication date: October 5, 2023
    Applicant: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
  • Patent number: 11595416
    Abstract: Disclosed is an improved approach for identifying security risks and breaches in a network by applying machine learning methods that learn resource access patterns in the network. Specifically, by observing the access pattern of the network entities (e.g. accounts, services, and hosts) from authorization requests/responses, the model through unsupervised learning, organizes the entity relationships into an ensemble of hierarchical models. The ensemble of hierarchical models can then be leveraged to create a series of metrics that can be used to identify various types of abnormalities in the access of a resource on the network. For instance, by further classifying the access request for a resource using abnormality scores into detection scenarios, the model is able to detect both an abnormality and the type of abnormality and include such information in a corresponding alarm when a security breach happens.
    Type: Grant
    Filed: April 28, 2020
    Date of Patent: February 28, 2023
    Assignee: Vectra AI, Inc.
    Inventors: Hsin Chen, Nicolas Beauchesne, Himanshu Mhatre, John Steven Mancini
  • Patent number: 11330005
    Abstract: Disclosed is an improved approach for detecting potentially malicious activity on a network. The present improved approach generates a multi-dimensional activity model based on captured network activity. Additional network activity is captured, and relative activity values are determined therefor. Determination of whether the additional network activity corresponds to potentially malicious activity is obtained by fitting the relative activity values of the additional network activity to the multi-dimensional relative activity model.
    Type: Grant
    Filed: April 15, 2019
    Date of Patent: May 10, 2022
    Assignee: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, Himanshu Mhatre, Daniel Carlton Hannah
  • Publication number: 20210105290
    Abstract: Disclosed is an improved method, system, and computer program product for identifying malicious payloads. The disclosed approach identifies potentially malicious payload exchanges which may be associated with payload injection or root-kit magic key usage.
    Type: Application
    Filed: November 24, 2020
    Publication date: April 8, 2021
    Applicant: Vectra AI, Inc.
    Inventors: Nicolas Beauchesne, John Steven Mancini
  • Publication number: 20210092140
    Abstract: Disclosed is an approach for detecting malicious network activity (e.g. based on a data hoarding activity identifies using a graph mixture density neural network (GraphMDN)). Generally, the approach includes generating embeddings using a graph convolution process and then processing the embeddings using a mixture density neural network. The approach may include collecting network activity data, generating a graph representing the network activity, or an aggregation thereof that maintains the inherent graphical nature and characteristics of the data, and training a GraphMDN in order to generate pluralities of distributions characterizing one or more aspects of the graph representing the network activity. The approach may also include capturing new network activity data, and evaluating that data using the distributions generated by the trained GraphMDN, and generation corresponding detection results.
    Type: Application
    Filed: September 23, 2020
    Publication date: March 25, 2021
    Applicant: Vectra AI, Inc.
    Inventors: Sohrob Kazerounian, Daniel Carlton Hannah, Tuomas P. Oikarinen
  • Patent number: 10880321
    Abstract: Disclosed is an improved method, system, and computer program product for learning representations or embeddings of network flow traffic. The disclosed invention operates on network flow data which are then used as inputs to a deep-learning architecture that learns to embed the data into a vector space.
    Type: Grant
    Filed: January 27, 2018
    Date of Patent: December 29, 2020
    Assignee: Vectra AI, Inc.
    Inventors: Matthew R. Silver, Sohrob Kazerounian
  • Publication number: 20200374308
    Abstract: Disclosed is an improved approach for identifying security risks and breaches in a network by applying machine learning methods that learn resource access patterns in the network. Specifically, by observing the access pattern of the network entities (e.g. accounts, services, and hosts) from authorization requests/responses, the model through unsupervised learning, organizes the entity relationships into an ensemble of hierarchical models. The ensemble of hierarchical models can then be leveraged to create a series of metrics that can be used to identify various types of abnormalities in the access of a resource on the network. For instance, by further classifying the access request for a resource using abnormality scores into detection scenarios, the model is able to detect both an abnormality and the type of abnormality and include such information in a corresponding alarm when a security breach happens.
    Type: Application
    Filed: April 28, 2020
    Publication date: November 26, 2020
    Applicant: Vectra AI, Inc.
    Inventors: Hsin Chen, Nicolas Beauchesne, Himanshu Mhatre, John Steven Mancini